This webcast has been archived.

Overview

In this webcast, SANS will release results of its second annual Threat Hunting Survey. According to our previous survey on this topic, the 2016 SANS Survey on Threat Hunting, 86% of IT departments utilized threat hunting, although only 40% had any formal threat hunting program, and 88% said their threat hunting programs needed to be improved.

Have threat-hunting programs been formalized over the past year? And if so, to what degree? Is hunting being used more proactively than in 2016? Rather than relying on indicators of compromise to start a hunt, are hunters proactively searching for the unknown?

This webcast, the first of a two-part report on the SANS Threat Hunting Survey, will look at the current state of threat-hunting programs and how they have changed in the past year. In it, attendees will learn:

How regularly respondent organizations hunt for threats

Whether respondents have been more successful at hiding their hunts from adversaries

What improvements they've made in the time it takes to hunt for threats

Speaker Bios

Rob Lee

Rob Lee is the curriculum lead and author for digital forensics and incident response at the SANS Institute. With more than 19 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response, he provides consulting services via HARBINGERS LLC in the Boston, MA area. Before directing services at HARBINGERS, Rob worked with government agencies in law enforcement, defense, and intelligence communities as a lead for vulnerability discovery and exploit development teams supporting Title 10/50 cyber operations. Following his work in the intel community, he worked at the incident response firm MANDIANT for 5 years. Notably, he co-authored MANDIANT's first detailed threat intelligence reports on Chinese APT activity, titled "M-Trends: The Advanced Persistent Threat."

Travis Farral

Travis Farral is the director of security strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response and industrial control systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.

Zach Hill

Zach Hill is the Director of Sales at DomainTools and has over 15 years of business strategy and enterprise sales experience. At DomainTools, he helps clients achieve their goals for utilizing threat intelligence in their security operations. He believes in empowering analysts by giving them valuable context on threats and moving them to a more proactive security posture via threat hunting. With a laser focus on customer needs, Zach helps define the DomainTools suite of security products including Iris and PhishEye.

Ely Kahn

Ely Kahn is co-founder and VP of Business Development for Sqrrl. Previously, Ely served in a variety of positions in the federal government, including director of cybersecurity at the National Security Staff in the White House, deputy chief of staff at the National Protection Programs Directorate in the Department of Homeland Security, and director of risk management and strategic innovation in the Transportation Security Administration. Before his service in the federal government, Ely was a management consultant with Booz Allen Hamilton. He has a BA from Harvard University and an MBA from the Wharton School at the University of Pennsylvania.